Closed anayrat closed 7 years ago
You're right.
Is it sufficient to forbid the localhost
from connecting using the replication
user?
Thanks.
Jan
Following quick start you should put the vip and the hostname :
host replication postgres 192.168.122.50/32 reject
host replication postgres $(hostname -s) reject
Well, this means it cannot be generic and pg_hba.conf
needs to be altered on every host on every sync. Do I understand it correctly?
That's complicates things quite a lot.
Humm I don't understand, you can put theses rules in all pg_hba.conf. You only have to change it when VIP address change.
The pg_hba.conf
file gets replicated to all slaves. So it needs to be altered afterwards to reflect new $(hostname -s)
.
Therefore it applies also to resync of a failed master.
You are right.
How about this?
After initial basebackup, the pg_hba.conf
is altered to forbid self replication.
And at the end of the role, a customized shell script is generated that can be used to do manual basebackup when needed. The script itself will take care of the fixing pg_hba.conf
downloaded from the master.
I don't like half-automated things ;)
Jan
Hello,
Thanks for this role!
As explained in PAF's documentation you should add a rule in pg_hba.conf to forbid self-replication :
Regards,